Stephen A. Riga

Of Counsel || Indianapolis

Mr. Riga concentrates his practice in the areas of privacy and security, employee benefits, and healthcare matters, with clients in the healthcare, technology, retail, and manufacturing industries.

Privacy and Security

Mr. Riga counsels clients on a variety of data privacy and information security compliance issues regarding healthcare, employment and other company data.  Work with clients includes:

  • Analyzing regulatory compliance under state, federal and international standards, including HIPAA privacy and security rules, FMLA and ADA confidentiality, GDPR, and the CCPA
  • Developing data privacy and information security programs, including internal and external corporate policy preparation and review
  • Workforce training
  • Counseling clients during and after security incidents and breach events, evaluating scope, applicable law, and methods to mitigate harm
  • Representing clients in governmental investigations

Employee Benefits

Mr. Riga’s benefits practice includes work with both qualified retirement plans and health and welfare plans. Services include:

  • Counseling on compliance under tax law, ERISA, the Affordable Care Act and HIPAA
  • Preparation of plan documents and supporting documents
  • Benefit communication counseling
  • Conducting due diligence related to benefit plan issues for mergers and acquisitions

Health Care

Mr. Riga represents a number of clients in the health care industry, providing services regarding:

  • HIPAA compliance advice
  • Privacy policy and security program design
  • Workplace training
  • Breach incident evaluation and mitigation

Mr. Riga received his J.D. from the Indiana University School of Law – Indianapolis in 2006. Originally from Los Angeles, California, Mr. Riga earned an undergraduate degree in English and History from Ball State University.


Learn more about Stephen A. Riga


  • J.D., magna cum laude, Indiana University School of Law—Indianapolis, 2006
  • B.A., summa cum laude, Ball State University, 1994

Admittance to Practice

  • Indiana
  • U.S. District Court, Northern and Southern Districts of Indiana

Professional Activities

  • International Association of Privacy Professionals
  • Indianapolis Bar Association
  • American Bar Association (Taxation and Business Law Sections)
  • International Foundation of Employee Benefit Plans
  • CIPP/US (Certified Information Privacy Professional/United States)
  • CIPP/E (Certified Information Privacy Professional/Europe)
  • Co-chair of the IAPP Indianapolis KnowledgeNet Chapter


  • Indiana Chamber of Commerce Employee Benefits Seminar - "Post-Deal Benefits and Compensation Integration Issues" - Indianapolis - September 12, 2018
  • Indiana Chamber of Commerce Employee Benefits Seminar - "Your Money or Your Data" - Indianapolis - September 12, 2018
  • Ogletree Deakins Workplace Strategies Seminar - "Your Money or Your Data! Cautionary Tales of Cybersecurity in the Benefits World" - Phoenix - May 10, 2018
  • Indiana Chamber of Commerce Employee Benefits Seminar - "Benefit Plan Data Security: New Threats, New Obligations" - Indianapolis - September 19, 2017
  • GDPR Privacy Workshops, TrustArc Privacy Insight Series - "GDPR HR Requirements & National Derogations" - multiple locations - Fall 2017
  • Ogletree Deakins Employee Benefits and Executive Compensation Symposium - "Benefit Plan Data Security: New Threats, New Obligations" - Austin - March 23, 2017
  • Indiana Benefit Conference - "Data Privacy and Security for Employee Benefit Plans" - Indianapolis - October 18, 2016
  • Ogletree Deakins Webinar - "Privacy and Security for Benefit Plans: To HIPAA, and Beyond!" - October 5, 2016
  • National Business Institute - "Keeping HIPAA-Protected Records Safe – Tips for Cautious Attorneys" - Indianapolis - September 15, 2016
  • Indiana Chamber of Commerce Employee Benefits Seminar - "On-site Clinics: The Modern Health Plan" - Indianapolis - September 13, 2016
  • Indiana Chamber of Commerce - "Benefits and FMLA" - Indianapolis - January 21, 2016
  • Ogletree Deakins Seminar - "The Internet of Things: Data Privacy Consideration for Employers" - Indianapolis - October 8, 2015
  • Indiana Chamber of Commerce Employee Benefits Seminar - "There’s More to Life than the ACA: Other Important Self-Funded Health Plan Developments" - Indianapolis - September 15, 2015
  • Indiana Chamber of Commerce - "Employee Benefits Update (ERISA, COBRA, HIPAA)" - French Lick - September 11, 2015
  • Indiana Chamber of Commerce - "Employee Benefits Update (ERISA, COBRA, HIPAA)" - South Bend - August 14, 2015
  • Strafford Webinar - "Data Breach in ERISA Benefit Plans: Prevention and Response" - April 23, 2015
  • Ogletree Deakins Webinar - "Mind the Gap: Steps Employers Can Take to Address Benefit Plan Data Breaches" - February 17, 2015
  • Lorman - Health Care Reform for Employers: Now What? - "HIPAA Compliance: Strategies Strategies and Action Items for Health Plans" - Indianapolis - December 3, 2014
  • Indiana Chamber of Commerce & Ogletree Deakins Annual Employee Benefits Seminar - "Speakers Panel: ERISA at 40: Top 10 Cases for Dinner Party Conversations" - Indianapolis - September 17, 2014
  • Indiana Chamber of Commerce - Employee Benefits Seminar - "Beyond HIPAA: Protecting Data Security for All Benefit Plans" - Indianapolis - September 17, 2014
  • Indiana Chamber of Commerce & Ogletree Deakins Annual Employee Benefits Seminar - "New Privacy Deadlines: What Must Health Plans Do by September 23, 2013?" - Indianapolis - September 12, 2013
  • Benefits: Cost Containment, Audits and Legal Risks Virtual Conference - Webinar - "HIPAA, HITECH, and HHS, Oh My! What Changes in the Health Privacy Regulations Mean for Employers" - August 9, 2013
  • Chamber of Commerce Benefit Seminar - "Preparing for Health & Welfare Plan Audits" - Indianapolis - September 13, 2012

Insights by Stephen A. Riga